Serge Maandag wrote: > Can anybody tell me whether it is possible on a host to allow tftp, but > at the same time deny all other udp traffic? tftpd (server): yes, tftp (client): no (or at least not with stateless firewalling, i.e. ipchains). The same problem exists for other UDP clients (e.g. "nslookup" won't work without "-vc") if you don't allow arbitrary inbound UDP packets. Or, for that matter, for TCP clients if you don't consider the SYN flag a sufficient filtering criterion. But then, if you're concerned about security, why are you using TFTP? -- Glynn Clements <glynn@sensei.co.uk> - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
